And steemmonsters can create an authority to any internet user that could give the ability to use a posting key to sign those transactions, they wouldn't even need SteemConnect ... but SteemConnect dealing with the permissions is very doable.
On that interface they simply don't allow for that login to do anything but battle.
Yeah, we're right at the edge of my comprehension at this point. I don't know enough about the nature of the tokens used by Steemconnect and Keychain.
Interesting conversation though.
It's not really necessary. Think about it in terms of logins. If you have your posting key, you can do all of the posting keys things with it. But if you log into Steemit.com with your posting key and then hand your laptop to somebody else, they can only do the things that Steemit.com allows them to do. If they want to make custom Jsons, too bad for them.
Jarvie's idea is basically a little more sophisticated version of that.
Think about how much more intuitive to a non-tech non-blockchain geek who doesn't even want to know what an active or posting key is... they just want to log in with a normal password and play a simple game with your cards.
If i tell my nephew to save this crazy key and be careful with it because while a transfer they switched so that they can only do with this thing called the Transfer Key but they can write posts and spam accounts with this wierd thing called the "posting key" and cause a bit of mischief.
On the other hand... Hey nephew i made a guest account and the password is "myuncleismyhero" and you can go in there and play games.
I don't have to tell him anything else but perhaps how to play the game. And if he asks, "I hear these cards are worth money and you can sell them" I say yep... you can't sell or transfer my cards but I'll split the profits of the booster packs we get from you playing.
At the end of the day they should be able to go onto the site and not hate blockchain. Maybe not even need to know the site uses blockchain or cryptographic passwords.